https://citconf.com/wiki/api.php?action=feedcontributions&feedformat=atom&user=MrPi CitconWiki - User contributions [en] 2026-06-04T00:37:19Z User contributions MediaWiki 1.43.8 https://citconf.com/wiki/index.php?title=Risk_management_and_voodoo_charms&diff=14719 Risk management and voodoo charms 2012-10-20T15:52:02Z <p>MrPi: Created page with &quot;Moderated by: Jtf Voodoo charm - &quot;Lets keep an eye on it!&quot;, but ignoring the actual responsibility Lets monitor it in production! How do we actually do that? You should have...&quot;</p> <hr /> <div>Moderated by: Jtf<br /> <br /> Voodoo charm - &quot;Lets keep an eye on it!&quot;, but ignoring the actual responsibility<br /> <br /> Lets monitor it in production! How do we actually do that?<br /> You should have a plan. How? When? Where?<br /> It seems like we often identify problems, agreeing that it is a problem and that we need to monitor it, but nothing is done. How do we prevent this?<br /> &quot;Should&quot; or &quot;I intend to&quot; are dangerous words. You get immediate gratification and feel you really do not have to act on what you intended to do.<br /> We need tools and formal techniques to actually do what we are thinking about doing.<br /> It's all about the definition of done. A programmers version of &quot;done&quot; probably means &quot;the happy case works and the first iteration of tests are green&quot;, which does not mean that the feature actually Works. You have to look at the whole system, _including_ the non functional requirements.<br /> The non-functional requirements needs to be tested/monitored as well. But how do we find out what tests/monitoring specs we need to have/add?<br /> Draw a map of the entire system, the ENTIRE system. Think about the dependencies (arrows) between components and go through all of them. &quot;What if this part goes down, how do we know?&quot; Will an email be sent? What if the email server is down? This is called failure analysis. From this you have to think about the impact of these failures; Impact Analysis. When you have identified the impact you have to think about the risk; risk analysis. From the risk analysis you can identify actual business cases which can amount to use cases/stories.<br /> <br /> Failure Analysis -&gt; Impact Analysis -&gt; Risk Analysis -&gt; Business Case<br /> <br /> Usually we are not good at thinking about the whole system and thinking about risks outside of the code base.<br /> <br /> Do you want to be proactive or reactive with this? Going through a failure analysis BEFORE you have a problem will help you avoid problems.<br /> <br /> Detection<br /> Mitigation<br /> Prevention<br /> <br /> SPIN Selling - how to sell change;<br /> Situation<br /> Problem<br /> Implications<br /> Needs analysis<br /> <br /> Why does it work? Because you need to talk to people about specific cases and collaborate.</div> MrPi